2020 has been a challenging year for people across the globe. The push for remote work due to the spread of COVID-19 has left many businesses and organisations exposed to a higher risk of cyber attacks. IT and cybersecurity professionals are struggling with the threats devised by remote access attackers who are rushing in to take advantage of the disordered situation created by the pandemic.
As more people are working from home, more devices are out there transmitting sensitive data from private home network connections. Some people are still working in the office and have solid firewalls and cybersecurity solutions that are protecting devices behind office walls. However, there can be many vulnerabilities for networks while you are working from home and on mobile devices.
Cyberattack incidents are increasing, and attackers have become more sophisticated, finding targeted ways to manipulate both users and technology to access passwords, networks, and other sensitive data. Let’s look at some of the cybersecurity trends that can be used against the expanding cyberthreats among various industries in the upcoming year.
Mobile phones and internet connectivity are now upgrading to next-generation technology (5G). 5G is the latest technology and uses a much more sophisticated platform, which requires a higher level of security. 5G is going to have a progressive impact, not only in telecommunications but also by providing a platform for technological breakthroughs in the fields of digital marketing, intelligent power grids, smart cities and defence sectors.
Cybercriminals will always look for different ways to steal data. We may also see extensive DDoS attacks, or threats designed to take advantage of a sophisticated network of connected devices, where hackers can compromise whole networks by crashing a single device.
Recognising these risks encourages a zero-trust network design, along with product quality guarantees that make the connections between technology providers and adopters explicit.
Nowadays, more businesses are carrying out their entire business online, from purchasing inventory to banking solutions through mobile phones. Multi-factor authentication gives an extra layer of cybersecurity when accessing data online by verifying your identity through an alternate touchpoint.
You are probably familiar with the most prevalent MFA system, where you log in with your username and password. Once your log-in credentials have been accepted, you must provide an additional one-time password (OTP) code that’s usually sent by SMS or email to a mobile device. This additional layer of security restricts malicious users from accessing your accounts and personal data.
Gathering data from different sensors is what makes the Internet of Things (IoT) so useful. As the technology keeps advancing, cyberattacks are increasing drastically. Over the upcoming years, we predict that things will become even more complicated. You can expect hardcoded passwords, non-encrypted private data, software and hardware updates from unverified sources, problems associated with wireless communication security, and more. All of these are actual risks associated with IoT devices installed at home, in public places, or in organisations.
Endpoint Detection And Response (EDR)
In a work-from-home system, more devices, or endpoints, are out there away from the office. Rather than concentrating on securing the devices behind a firewall in a single location, EDR focuses on safeguarding and defending the personal devices distributed across an organisation’s virtual network, regardless of their location.
EDR tracks the devices used for business and identifies any suspicious behaviour in real time using leading technologies like artificial intelligence and machine learning, thus exposing cyberattacks, isolating infected devices, notifying administrators, and getting rid of cyberthreats. With EDR, the cybersecurity team can oversee alerts and isolate specific devices before the entire business network is hacked.
Cloud security has been a concern for internet users ever since the cloud came into use. The cloud is a remarkable platform, particularly because it can evolve at the pace of today’s digital business, but it also carries some risks. Cloud storage can be hacked quite simply with an automated exploit script that takes complete control of your cloud services.
Cloud storage is a potentially attractive target for cyberattackers because it could contain valuable data. Compromised cloud storage could also be exploited by cybercriminals who have their own specific needs for cloud computing service platforms.
The trends of this year suggest that organisations need to be more strategic when it comes to upgrading their security controls. Businesses in every industry will have to keep pace with developing and emerging technologies like 5G, AI, and the cloud. Continuous learning is important to know how existing technologies can defend against new threats. Strategic adaptations and consideration of new technologies can also help protect against cyberattacks.
Lower your risk of cyber attacks in 2021. Contact Nxt IT for help strengthening your cyber security solutions with our expert IT consulting and IT support. We can offer tech support services from our Griffith IT support and Canberra IT support offices.
As cybersecurity solutions become better at detecting email-based threats using machine learning (ML) and other advanced tools, cybercriminals continue to tweak their arsenal and employ levelled-up versions of tried-and-tested social engineering tactics, such as phishing, to increase the likelihood of users falling for fraud, identity theft, or spoofing, which could lead to enterprises losing substantial amounts of money. The FBI reports that between October 2013 and May 2018, businesses in and outside of the U.S. lost over US$12.5 billion to business email compromise (BEC) scams.
Our annual Cloud App Security report reveals that in 2018 alone, our Trend Micro™ Smart Protection Network™ security infrastructure blocked over 41 billion email threats. With heightened awareness that it just takes one successful phishing email for a business to incur massive financial losses, companies have learned to employ better email security solutions and practices. To this, cybercriminals responded by changing gears and improving their phishing strategies.
More Sophisticated Phishing Techniques
Today, it’s not just the malware that is evolving and becoming more targeted; the technique by which it is delivered to victims has taken on these characteristics as well.
Phishing has been morphing. According to the recently released Microsoft Security Intelligence Report, cybercriminals are making it harder even for advanced cybersecurity tools to detect phishing emails. They are now sending phishing emails via varied infrastructure, avoiding the use of a single URL, IP address, or domain for sending out the emails. Aside from this, there has been a noted growth in attackers’ use of popular document sharing and collaboration sites to siphon off sensitive user information such as email addresses, usernames, and passwords via fraudulent login forms. Out of the 8.9 million high-risk email threats that our Trend Micro™ Cloud App Security™ solution detected and blocked in 2018, we found that 40 percent were credential phishing attacks.
The Microsoft report also notes that attackers have increasingly used compromised email accounts to spread malicious emails in and out of an organization. The report also reveals that phishing campaigns made use of a combination of email-based attacks: a short one that is operative for several minutes; one that is active for an extended period of time and at high volume; and a “serial variant” that is active for a period of consecutive days and at low volume.
In addition, last year we observed a unique phishing campaign at work: it used compromised email accounts to reply to ongoing email threads. The legitimate-looking email responses contained malicious documents housing the banking trojan and spyware URSNIF, which victims unwittingly downloaded to their systems. We also saw an Apple ID phishing scam that scares users into clicking links to a credential phishing site by telling them that their service will be suspended if they do not reveal their personal information. We also detected a peculiar combination of phishing and malware techniques used in a campaign that spread the CamuBot banking trojan to business-class bank users in Brazil.